DETAILED ACTION

1. Claims 1-26 are pending.

Priority 

2. Applicant's claim for the benefit of a prior-filed application under 35 U.S.C. 119(e)
or under 35 U.S.C. 120, 121, or 365(c) is acknowledged. Since Applicant has provided
an English translation of the foreign application, the effective filing date for this 
application is 1-22-2002. 

Claim Objections 

3. Claims 1, 17 & 18 are objected to because of the following informalities:

a. Regarding claim 1, "the current destination address" in line 14, lacks
antecedent basis. This phrase can be replaced with "the destination address". 

b. Regarding claims 17 & 18, "the modified IKE protocol" in line 3 of each 
claim, lacks antecedent basis. Appropriate correction is required. 

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claim 26 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

5. Regarding claim 26, it is unclear whether "a given second computer" in line 4, is
referring to "a second computer", in line 3 of claim 22, or if applicant is introducing 
another computer, which would be the fourth computer, into the claim. For examination 
purposes, "a given second computer" has been considered another computer. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

6. Claims 1-5, 7-10, 22-24 & 26 are rejected under 35 U.S.C. 102(e) as being 
anticipated by U.S. Patent Application Publication No. 2001/0047487 to Linnakangas, et 
al. (Linnakangas). 

7. Regarding claim 1, Linnakangas teaches a method for secure forwarding of a
message from a first computer to a second computer via an intermediate computer in a
telecommunication network (See paragraph 24, lines 4-8; wherein the local host 5 is the
first computer, remote host 4 is the second computer, and router 2 is the intermediate
computer), comprising: a) forming a message in the first computer or in a computer
that is served by the first computer, and in the latter case sending the message to the
first computer (See par. 24, lines 4-11; wherein message formation is inherent in
"communication" and "exchanging user generated traffic"), b) in the first computer,
forming a secure message by giving the message a unique identity and a destination 
address (See par.'s 4 & 24; wherein the SPI is the unique identity, and the header 
inherently includes the destination address), c) sending the secure message from the 
first computer to the intermediate computer (See par. 24, lines 4-6), d) using said 
destination address and the unique identity to find an address to the second computer 
(See par.'s 4 & 24; wherein a router that is able to perform IPSec and IKE translation, 
inherently includes a translation table), e) substituting the current destination address 
with the found address to the second computer (See par.'s 4 & 24; wherein address 
substitution is a standard part of IPSec processing and IKE translation), f) substituting 
the unique identity with another unique identity (See par.'s 4 & 24; wherein generating 
and substituting SPI's is a standard part of IPSec processing and IKE translation), and 
g) forwarding the secure message with substituted current destination address and 
substituted unique identity to the second computer (See par. 24, line 11). 

8. Regarding claim 2, Linnakangas discloses forming the secure message in step b) 
by using an IPSec connection between the first computer and the second computer 
(See par. 24, lines 4-7). 

9. Regarding claim 3, Linnakangas discloses performing a secure forwarding of the 
message by making use of SSL or TLS protocols (See par. 24, lines 4-7; wherein using 
a secure socket layer (SSL) is inherent in IPSec). 

10. Regarding claim 4, Linnakangas discloses manually performing a preceding 
distribution of keys to components for forming the IPSec connection (See par. 40, lines 
8-12; wherein manual distribution occurs when the IKE module is responding to a
request). 

11. Regarding claim 5, Linnakangas discloses performing a preceding distribution of
keys for forming the IPSec connection by an automated key exchange protocol (See 
par. 40, lines 8-12; wherein automated key exchange occurs when the IKE module 
initiates negotiations). 

12. Regarding claim 7, Linnakangas teaches sending the message that is sent from 
the first computer in step c) as a packet that contains message data, an inner IP header 
containing the actual sender and receiver addresses, an outer IP header containing the 
addresses of the first computer and the intermediate computer (See par. 3, lines 1-6). 

13. Regarding claim 8, Linnakangas teaches the IPSec connection being one or 
more security associations (SA) and the unique identity being one or more SPI values 
(See par. 4, lines 5-14). 

14. Regarding claim 9, Linnakangas teaches performing the matching in step d)
by using a translation table stored at the intermediate computer (See par. 31, lines 1-6;
wherein the IP forwarder module is part of the intermediate computer).

15. Regarding claim 10, Linnakangas teaches changing both the address and 
the SPI-value by the intermediate computer in steps e) and f) (See par. 24; wherein 
IPSec includes replacing addresses in accordance with the translation tables, and 
assigning a new SPI value to every received packet). 

16. Regarding claim 22, Linnakangas teaches a telecommunication network for 
secure forwarding of messages, comprising: at least a first computer, a second 
computer and an intermediate computer, the first and the second computers having
means for performing an IPSec processing, and the intermediate computer having 
translation tables to perform IPSec and IKE translation (See par. 24, lines 1-15; wherein 
local host 5 is the first computer, remote host 4 is the second computer, and router 2 is 
the intermediate computer). 

17. Regarding claim 23, Linnakangas teaches the translation table for IPSec
translation has IP addresses of the intermediate computer to be matched with IP 
addresses of the second computer (See par. 24, lines 4-6; wherein the router inherently 
has translation tables to perform IPSec). 

18. Regarding claim 24, Linnakangas teaches the translation tables for IKE 
translation consists of two partitions, one for the communication between the first 
computer and the intermediate computer and another for the communication between 
the intermediate computer and the second computer (See par. 24, lines 4-8; wherein 
the router (or intermediate computer) inherently includes at least two translation tables 
(or partitions), since one translation table is required for each IPSec connection, and 
there are at least two IPSec connections). 

19. Regarding claim 26, Linnakangas teaches another translation table for IKE 
translation containing fields for matching a given user to a given second computer (See 
par. 24, lines 8-11; wherein each remote host must establish a new secure connection, 
which includes a new translation table). 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

20. Claims 6, 11-14 & 20-21 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Linnakangas, as applied to claim 1 above, in view of Applicant's 
Admitted Prior Art (AAPA). 

21. Regarding claim 6, Linnakangas teaches the invention as described in claim 5.
Linnakangas does not teach performing the automated key exchange protocol used for
the preceding distribution of keys for forming the IPSec connection by means of a
modified IKE key exchange protocol between the first computer and the intermediate 
computer and by means of a standard IKE key exchange protocol between the 
intermediate computer and the second computer. However, AAPA teaches a 
modified IKE key exchange protocol between the first computer and the intermediate 
computer (See page 8, lines 27-29; wherein the key exchange is modified to support 
NAT traversal) and a standard IKE key exchange protocol between the intermediate 
computer and the second computer (See p. 8, lines 29-32). 

Using the features of AAPA in the system of Linnakangas would have added 
flexibility by allowing different networks to connect to the system. Therefore, it would 
have been obvious to one of ordinary skill in the art, at the time of the invention, to 
combine the teachings of AAPA and Linnakangas. 

22. Regarding claim 11, Linnakangas teaches the invention as described in claim 1.
Linnakangas does not teach the first computer being a mobile terminal, so that the
mobility is enabled by modifying the translation table at the intermediate
computer. However, AAPA teaches this limitation (See p. 7, lines 10-16).

Using the features of AAPA in the system of Linnakangas would have broadened 
the appeal and applicability of the system by allowing mobile units to connect to the 
network. Therefore, it would have been obvious to one of ordinary skill in the art, at the 
time of the invention, to combine the teachings of AAPA and Linnakangas. 

23. Regarding claim 12, Linnakangas, in view of AAPA, teach the invention as 
described in claim 11. Linnakangas further teaches performing the modification of the
translation tables by sending a request for registration of the new address from the first 
computer to the intermediate computer (See p. 3, par.'s 46-51). 

24. Regarding claim 13, Linnakangas, in view of AAPA, teach the invention as 
described in claim 12. Linnakangas further teaches sending a reply to the request for 
registration from the intermediate computer to the first computer (See p. 3, par. 50). 

25. Regarding claim 14, Linnakangas, in view of AAPA, teach the invention as 
described in claim 12. Linnakangas further teaches authenticating or encrypting by 
IPSec the request for registration and/or reply (See p. 3, par. 62). 

26. Regarding claim 20, Linnakangas teaches the invention as described in claim 1.
Linnakangas does not teach sending the secure message by using an IPSec transport 
mode. However, AAPA teaches this limitation (See p. 4, lines 14-19). 

Using the features of AAPA in the system of Linnakangas would have added
improved security to the system. Therefore, it would have been obvious to one of 
ordinary skill in the art, at the time of the invention, to combine the teachings of AAPA 
and Linnakangas. 

27. Regarding claim 21, Linnakangas teaches the invention as described in claim 1.
Linnakangas does not teach sending the secure message by using an IPSec tunnel 
mode. However, AAPA teaches this limitation (See p. 4, lines 21-29). 

Using the features of AAPA in the system of Linnakangas would have added 
improved security and flexibility to the system. Therefore, it would have been obvious to 
one of ordinary skill in the art, at the time of the invention, to combine the teachings of 
AAPA and Linnakangas. 

28. Claims 15-19 & 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Linnakangas, as applied to claims 4 & 24 above, in view of U.S. Patent Number 
6,985,953 issued to Sandhu, et al. (Sandhu). 

29. Regarding claim 15, Linnakangas teaches the invention as described in claim 4. 
Linnakangas further teaches establishing the key distribution for the secure connections 
by establishing an IKE protocol translation table, and using the translation table to 
modify IP addresses of IKE packets in the intermediate computer (See par. 24, lines 4-6).
Linnakangas does not teach using the translation table to modify cookie values of
IKE packets in the intermediate computer. However, Sandhu teaches this limitation 
(See col. 7, line 55 to col. 8, line 19; wherein the KDC is the intermediate computer). 

Using the features of Sandhu in the system of Linnakangas would have added
another layer of security within the secure connection. Therefore, it would have been 
obvious to one of ordinary skill, at the time of the invention, to combine the teachings of 
Sandhu and Linnakangas. 

30. Regarding claim 16, Linnakangas in view of Sandhu teach the invention as 
described in claim 15. Linnakangas does not teach establishing the key exchange 
distribution by: generating an initiator cookie and sending a zero responder cookie to 
the second computer, generating a responder cookie in the second computer, and 
establishing a mapping between IKE cookie values in the intermediate computer. 
However, Sandhu teaches generating an initiator cookie and sending a zero responder 
cookie to the second computer (See col. 8, lines 41-47; wherein the Authenticator is the 
initiator cookie), generating a responder cookie in the second computer (See col. 8, 
lines 41-47; wherein Bob's response is the responder cookie), and establishing a 
mapping between IKE cookie values in the intermediate computer (See col. 8, lines 49-51;
wherein a mapping is required for authentication).

Using the features of Sandhu in the system of Linnakangas would have 
increased the number of security features available in the system. Therefore, it would 
have been obvious to one of ordinary skill in the art, at the time of the invention, to 
combine the teachings of Sandhu and Linnakangas. 

31. Regarding claim 17, Linnakangas in view of Sandhu teach the invention as is
described in claim 15. Linnakangas further teaches modifying the IKE protocol between 
the first computer and the intermediate computer by transmitting the IKE keys from the 
first computer to the intermediate computer in order to decrypt and modify IKE packets
(See par.'s 4 & 24; wherein the remote host 4 is an IPSec node that sends the IKE keys, 
and equates to applicant's first computer). 

32. Regarding claim 18, Linnakangas in view of Sandhu teach the invention as is 
described in claim 15. Linnakangas further teaches carrying out the modification of the 
IKE packets by the first computer with the intermediate computer requesting such 
modifications (See par.'s 41-45; wherein the IKE module is in the intermediate 
computer). 

33. Regarding claim 19, Linnakangas in view of Sandhu teach the invention as 
described in claim 17. Linnakangas further teaches defining the address so that the first 
computer is identified for the second computer by the intermediate computer by means 
of an IP address taken from a pool of user IP addresses when forming the translation 
table (See par.'s 56 & 57). 

34. Regarding claim 25, Linnakangas teaches the invention as described in claim 24. 
Linnakangas further teaches both partitions of the mapping table for IKE translation 
contains translation fields for a source IP address and a destination IP address between 
respective computers (See par. 24, lines 4-8; wherein source and destination addresses 
are inherent in IPSec). Linnakangas does not teach the mapping table for IKE 
translation contains translation fields for initiator and responder cookies between 
respective computers. However, Sandhu teaches a mapping table that contains 
translation fields for initiator and responder cookies between respective computers (See 
col. 8, lines 41-51; wherein the authenticator is the initiator cookie and Bob's response
is the responder cookie). 

Using the features of Sandhu in the system of Linnakangas would have provided 
increased security and ensured that messages were transmitted to the correct
destination. Therefore, it would have been obvious to one of ordinary skill in the art, at 
the time of the invention, to combine the teachings of Sandhu and Linnakangas. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey Seto whose telephone number is (571)270-7198. 
The examiner can normally be reached on Monday thru Thursday and alt. Fridays, 
9AM-6:30PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jeffrey Pwu can be reached on (571) 273-6798. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



JKS 

11/5/2008 

/Joseph E. Avellino/ 

Primary Examiner, Art Unit 2446 



